Continuing problems after removing Security Suite/Antimalware Doctor 3 weeks ago.....


Hi, my PC has been running fine since I was last helped Sept.14.

Just a couple of days ago I noticed the exact same series of events taking place here; this time I got no viruses detected by my anti-virus programs. I believe I may have gotten it through email. McAfee didn't pick it up, whatever the case may be. I have the following programs: SpywareBlaster, Spybot and Ad-Aware as well. Also "Io Security" to boot. Nothing was detected by either program.

McAfee "AV" was disabled along with McAfee Firewall, and my Creative Labs Sound Control Panel is disabled and inop. Can't get it to work. My Network Connections folder is empty [icons are gone]. I can't connect to the internet. I first noticed my sound, Firewall and AV were disabled at any rate. Basically, I've the same crap going on here as last time.

I went into Safe Mode to run Malwarebytes and McAfee right away. Re-booted with absolutely no files found with either program. What the heck is going on here? I stayed away from the listed sites: BitTorrent and others you mentioned. This is a silent virus, I will say. I can't think of anything else to add here.

When I re-booted, I also noticed my Administrator Account came up - NOT NORMAL HERE - along with my others I have for that extra protection in case my password gets wiped out. Now, I do have a second HD with Win XP Home SP3 installed as well; so at this point I'm able to email and get support.

I have HJ [Hijack This] installed as well. Any other info you may need I will get for you. I'm running Win XP Home w/ SP3 with all updates current.

Regards,

DJ


Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Here is the ComboFix log:

ComboFix 10-10-05.01 - DAVE 10/08/2010 15:44:51.8.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1392 [GMT -4:00]

Running from: c:\documents and settings\DAVE\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))

.

2010-10-02 19:10 . 2010-10-02 19:10 -------- d-----w- c:\windows\LastGood.Tmp

2010-09-25 23:06 . 2010-09-25 23:06 -------- d-----w- c:\program files\Microsoft

2010-09-25 23:06 . 2010-09-25 23:06 -------- d-----w- c:\program files\MSN Toolbar

2010-09-25 23:06 . 2010-09-25 23:07 -------- d-----w- c:\program files\MSN Toolbar Installer

2010-09-25 22:42 . 2010-09-25 22:42 -------- d-----w- c:\program files\Winamp Detect

2010-09-25 22:42 . 2010-09-25 22:52 -------- d-----w- c:\documents and settings\DAVE\Application Data\Winamp

2010-09-25 22:42 . 2010-09-25 22:48 -------- d-----w- c:\program files\Winamp

2010-09-25 22:38 . 2003-06-25 20:05 266360 ----a-w- c:\windows\system32\TweakUI.exe

2010-09-22 20:00 . 2010-09-22 20:00 -------- d-----w- c:\program files\Common Files\Creative

2010-09-22 20:00 . 2010-09-22 20:00 -------- d--h--w- c:\program files\Creative Installation Information

2010-09-22 19:51 . 2010-09-22 19:53 6390815 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative SoundFont Bank Manager Web Update ver 1.00.21__\SFBM_WEB_030909.exe

2010-09-22 19:49 . 2010-09-22 19:51 12907880 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.12.00__\WAVESTD_PCAPP_LB_7_12_00.exe

2010-09-22 19:44 . 2010-09-22 19:49 37634288 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.26.02__\CMS5_PCAPP_LB_5_26_02.exe

2010-09-22 19:44 . 2010-09-22 19:44 4193086 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Gracenote Update for Creative applications__\CDDB_PCApp_LB_2_40_02.exe

2010-09-22 19:30 . 2010-09-22 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative

2010-09-22 19:26 . 2010-09-22 19:26 -------- d-----w- c:\program files\Common Files\Creative Labs Shared

2010-09-20 20:04 . 2010-09-20 20:04 -------- d-----w- c:\documents and settings\DAVE\Local Settings\Application Data\Powercinema

2010-09-20 19:56 . 2010-09-20 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2010-09-20 19:56 . 2010-09-20 19:56 -------- d-----w- c:\program files\Dell

2010-09-20 04:37 . 2010-09-22 19:25 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2010-09-20 04:14 . 2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

2010-09-20 04:14 . 1996-05-23 08:24 24976 ------w- c:\windows\CTRES.DLL

2010-09-20 04:14 . 1994-12-05 09:11 53552 ------w- c:\windows\CTCCW.DLL

2010-09-20 04:14 . 1998-06-05 08:00 84992 ------w- c:\windows\system32\SFCVRT32.DLL

2010-09-20 04:14 . 1998-10-20 22:05 54784 ------w- c:\windows\system32\INETWH32.DLL

2010-09-20 04:14 . 1995-08-30 08:02 82432 ------w- c:\windows\system32\CTWFLT32.DLL

2010-09-20 04:14 . 1995-07-13 08:01 26768 ------w- c:\windows\system32\CTL3D.DLL

2010-09-20 04:14 . 1998-01-08 07:00 1048576 ------w- c:\windows\system32\SFMAN.DAT

2010-09-20 04:13 . 2010-09-20 04:13 184 ----a-w- c:\windows\system32\e000003.dat

2010-09-20 04:12 . 2003-01-27 20:32 831600 ----a-w- c:\windows\system32\Ctaa1.dat

2010-09-20 04:12 . 2003-01-15 15:41 77824 ----a-w- c:\windows\system32\ctdvda32.dll

2010-09-20 04:12 . 2001-05-28 17:47 12288 ----a-w- c:\windows\system32\AHQCpURes.dll

2010-09-20 04:09 . 2001-03-30 06:00 62976 ----a-w- c:\windows\system32\CTDetres.dll

2010-09-20 04:09 . 1999-12-13 07:01 44032 ----a-w- c:\windows\system32\CTSVCCDA.EXE

2010-09-20 04:09 . 2002-02-20 09:00 331776 ------w- c:\windows\system32\CTMEDENG.DLL

2010-09-20 04:09 . 2000-04-20 05:00 24576 ----a-w- c:\windows\system32\CTMERes.DLL

2010-09-20 00:17 . 1999-11-18 07:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE

2010-09-16 18:58 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-09-16 18:57 . 2010-09-16 18:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-09-16 18:57 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

2010-09-16 18:57 . 2010-09-16 18:57 -------- d-----w- c:\program files\Lavasoft

2010-09-15 04:34 . 2010-09-15 04:34 503808 ----a-w- c:\documents and settings\DAVE\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-388004dc-n\msvcp71.dll

2010-09-15 04:34 . 2010-09-15 04:34 499712 ----a-w- c:\documents and settings\DAVE\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-388004dc-n\jmc.dll

2010-09-15 04:34 . 2010-09-15 04:34 61440 ----a-w- c:\documents and settings\DAVE\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6aa546b4-n\decora-sse.dll

2010-09-15 04:34 . 2010-09-15 04:34 348160 ----a-w- c:\documents and settings\DAVE\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-388004dc-n\msvcr71.dll

2010-09-15 04:34 . 2010-09-15 04:34 12800 ----a-w- c:\documents and settings\DAVE\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6aa546b4-n\decora-d3d.dll

2010-09-15 04:34 . 2010-09-15 04:34 -------- d-----w- c:\program files\Common Files\Java

2010-09-15 04:33 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-10 19:55 . 2010-09-10 19:55 -------- d-----w- c:\program files\ESET

2010-09-10 03:47 . 2007-02-02 20:57 49377 ----a-w- c:\windows\system32\drivers\mamotou.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-05 19:16 . 2009-09-29 18:10 100113 ----a-w- c:\documents and settings\DAVE\Application Data\CBS Interactive\CNET TechTracker\uninst.exe

2010-10-02 22:30 . 2008-09-20 20:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-10-02 20:08 . 2010-04-13 01:02 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-10-02 19:26 . 2009-01-27 00:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2010-10-02 19:10 . 2010-06-06 21:04 -------- d-----w- c:\program files\McAfee

2010-10-01 18:00 . 2008-10-14 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-09-29 19:40 . 2009-03-21 19:01 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-24 23:45 . 2008-09-24 22:01 -------- d-----w- c:\program files\Google

2010-09-22 20:03 . 2008-09-20 09:01 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-22 20:02 . 2008-09-20 09:15 -------- d-----w- c:\program files\Creative

2010-09-22 19:25 . 2008-09-22 19:38 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2010-09-19 01:45 . 2010-02-12 03:56 -------- d-----w- c:\program files\GameSpy Arcade

2010-09-18 21:32 . 2009-08-26 01:33 -------- d-----w- c:\documents and settings\DAVE\Application Data\IObit

2010-09-18 18:56 . 2008-09-20 20:22 -------- d-----w- c:\program files\SpywareBlaster

2010-09-16 18:57 . 2008-09-20 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-09-15 04:33 . 2009-07-20 19:11 -------- d-----w- c:\program files\Java

2010-09-15 04:23 . 2008-09-22 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect

2010-09-15 02:57 . 2008-09-20 09:05 52512 ----a-w- c:\documents and settings\DAVE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-05 22:02 . 2005-04-25 15:28 871040 ----a-w- c:\windows\system32\drivers\iaStor.sys

2010-08-30 19:33 . 2004-08-04 12:00 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys

2010-08-25 20:01 . 2010-08-25 20:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Active Disk

2010-08-25 19:56 . 2010-08-23 04:32 -------- d-----w- c:\documents and settings\DJ Backup Account\Application Data\AutoSync for Yahoo

2010-08-25 17:53 . 2008-09-20 06:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-24 20:18 . 2009-10-30 04:26 -------- d-----w- c:\program files\IObitCom

2010-08-24 20:11 . 2010-08-23 01:19 52512 ----a-w- c:\documents and settings\DJ Backup Account\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-24 19:57 . 2010-08-13 04:52 -------- d-----w- c:\documents and settings\DAVE\Application Data\BitTorrent

2010-08-24 19:56 . 2010-08-23 19:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\AutoSync for Yahoo

2010-08-24 04:08 . 2010-08-24 04:07 -------- d-----w- c:\documents and settings\HONDA\Application Data\Ahead

2010-08-24 04:07 . 2010-08-24 04:07 55256 ----a-w- c:\documents and settings\HONDA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-24 03:56 . 2010-08-24 03:56 -------- d-----w- c:\documents and settings\HONDA\Application Data\Leadertech

2010-08-24 03:35 . 2010-08-24 03:35 -------- d-----w- c:\documents and settings\DJ Backup Account\Application Data\Ahead

2010-08-23 19:12 . 2010-08-23 19:12 52512 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-23 04:33 . 2010-08-23 04:33 -------- d-----w- c:\documents and settings\DJ Backup Account\Application Data\PushSyncData

2010-08-23 01:40 . 2010-08-23 01:40 -------- d-----w- c:\documents and settings\DJ Backup Account\Application Data\Malwarebytes

2010-08-22 19:59 . 2008-09-22 18:46 -------- d-----w- c:\program files\Windows Media Connect 2

2010-08-19 04:10 . 2010-08-13 04:52 -------- d-----w- c:\program files\BitTorrent

2010-08-18 20:09 . 2010-06-16 18:44 -------- d-----w- c:\documents and settings\DAVE\Application Data\PCF-VLC

2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-13 04:48 . 2010-06-16 18:50 -------- d-----w- c:\program files\Miro

2010-08-13 04:37 . 2008-09-22 23:01 -------- d-----w- c:\program files\Participatory Culture Foundation

2010-08-13 04:34 . 2010-08-13 04:34 459112 ----a-w- c:\program files\Miro_Installer.exe

2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-17 19:33 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-15 19:18 . 2010-06-06 21:05 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2003-04-22 01:49 . 2003-04-22 01:49 669184 ----a-w- c:\program files\msxml4sxs32.msm

2003-04-22 01:49 . 2003-04-22 01:49 679424 ----a-w- c:\program files\msxml4sys32.msm

2008-09-23 20:03 . 2008-09-23 20:03 90 --sh--w- c:\windows\cnerolf.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

2007-08-28 18:19 1440792 ----a-w- c:\program files\Nexus_Radio\tbNexu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

2009-10-01 21:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2462d2d8-b36e-44ab-84bf-c5a9383d2429}"= "c:\program files\Nexus_Radio\tbNexu.dll" [2007-08-28 1440792]

"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{2462D2D8-B36E-44AB-84BF-C5A9383D2429}"= "c:\program files\Nexus_Radio\tbNexu.dll" [2007-08-28 1440792]

"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]

"hplampc"="c:\windows\System32\hplampc.exe" [2002-01-17 40448]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]

"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]

"WD Button Manager"="WDBtnMgr.exe" [2009-06-06 360448]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]

"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]

"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]

"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-24 39408]

c:\documents and settings\DAVE\Start Menu\Programs\Startup\

CNET TechTracker.lnk - c:\documents and settings\DAVE\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2010-2-3 1111552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Yahoo! Autosync.lnk - c:\program files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe [2007-8-21 391680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^Alaska Airlines Update Conduit.lnk]

path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\Alaska Airlines Update Conduit.lnk

backup=c:\windows\pss\Alaska Airlines Update Conduit.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^Screen Saver Control.lnk]

path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\Screen Saver Control.lnk

backup=c:\windows\pss\Screen Saver Control.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^United Airlines Timetable Update Application.lnk]

path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\United Airlines Timetable Update Application.lnk

backup=c:\windows\pss\United Airlines Timetable Update Application.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoBAUP_FilesBackup_2]

AUTOBAUP2 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2008-09-22 23:42 90112 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis


Hi,

Your log appears to be clean. I suggest you start a new topic in the PC Help forum.

I've got some cleanup for you first:

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
